package org.bouncycastle.jce.provider;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.CertStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateParsingException;
import java.security.cert.PolicyQualifierInfo;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509CRLEntry;
import java.security.cert.X509CRLSelector;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.security.cert.X509Extension;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.o1;
import org.bouncycastle.asn1.x509.c1;
import org.bouncycastle.jcajce.m;
import org.bouncycastle.jcajce.o;
import org.bouncycastle.jce.exception.ExtCertPathValidatorException;
import org.bouncycastle.util.StoreException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: classes.dex */
public class f {

    /* renamed from: a, reason: collision with root package name */
    public static final b0 f58101a = new b0();

    /* renamed from: b, reason: collision with root package name */
    public static final String f58102b;

    /* renamed from: c, reason: collision with root package name */
    public static final String f58103c;

    /* renamed from: d, reason: collision with root package name */
    public static final String f58104d;

    static {
        org.bouncycastle.asn1.x509.y.f55240t.getClass();
        org.bouncycastle.asn1.x509.y.f55230j.getClass();
        org.bouncycastle.asn1.x509.y.f55241u.getClass();
        org.bouncycastle.asn1.x509.y.f55228h.getClass();
        org.bouncycastle.asn1.x509.y.f55238r.getClass();
        org.bouncycastle.asn1.x509.y.f55226f.getClass();
        org.bouncycastle.asn1.x509.y.D6.getClass();
        f58102b = org.bouncycastle.asn1.x509.y.f55236p.f54791a;
        org.bouncycastle.asn1.x509.y.f55235o.getClass();
        org.bouncycastle.asn1.x509.y.Y.getClass();
        org.bouncycastle.asn1.x509.y.C6.getClass();
        org.bouncycastle.asn1.x509.y.f55239s.getClass();
        f58103c = org.bouncycastle.asn1.x509.y.X.f54791a;
        f58104d = org.bouncycastle.asn1.x509.y.f55231k.f54791a;
    }

    public static LinkedHashSet a(org.bouncycastle.jcajce.o oVar, List list) throws AnnotatedException {
        LinkedHashSet linkedHashSet = new LinkedHashSet();
        for (Object obj : list) {
            if (obj instanceof org.bouncycastle.util.p) {
                try {
                    linkedHashSet.addAll(((org.bouncycastle.util.p) obj).a(oVar));
                } catch (StoreException e10) {
                    throw new AnnotatedException("Problem while picking certificates from X.509 store.", e10);
                }
            } else {
                try {
                    linkedHashSet.addAll(org.bouncycastle.jcajce.o.a(oVar, (CertStore) obj));
                } catch (CertStoreException e11) {
                    throw new AnnotatedException("Problem while picking certificates from certificate store.", e11);
                }
            }
        }
        return linkedHashSet;
    }

    public static LinkedHashSet b(X509Certificate x509Certificate, List list, ArrayList arrayList) throws AnnotatedException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        try {
            x509CertSelector.setSubject(g0.c(x509Certificate).q());
            try {
                byte[] extensionValue = x509Certificate.getExtensionValue(f58103c);
                if (extensionValue != null) {
                    org.bouncycastle.asn1.r rVar = org.bouncycastle.asn1.x509.i.t(org.bouncycastle.asn1.r.E(extensionValue).G()).f54996a;
                    byte[] G = rVar != null ? rVar.G() : null;
                    if (G != null) {
                        x509CertSelector.setSubjectKeyIdentifier(new o1(G).q());
                    }
                }
            } catch (Exception unused) {
            }
            org.bouncycastle.jcajce.o<? extends Certificate> a10 = new o.b(x509CertSelector).a();
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            try {
                ArrayList arrayList2 = new ArrayList();
                arrayList2.addAll(a(a10, list));
                arrayList2.addAll(a(a10, arrayList));
                Iterator it = arrayList2.iterator();
                while (it.hasNext()) {
                    linkedHashSet.add((X509Certificate) it.next());
                }
                return linkedHashSet;
            } catch (AnnotatedException e10) {
                throw new AnnotatedException("Issuer certificate cannot be searched.", e10);
            }
        } catch (Exception e11) {
            throw new AnnotatedException("Subject criteria for certificate selector to find issuer certificate could not be set.", e11);
        }
    }

    public static TrustAnchor c(X509Certificate x509Certificate, Set set, String str) throws AnnotatedException {
        X509CertSelector x509CertSelector = new X509CertSelector();
        X500Principal issuerX500Principal = x509Certificate.getIssuerX500Principal();
        x509CertSelector.setSubject(issuerX500Principal);
        Iterator it = set.iterator();
        TrustAnchor trustAnchor = null;
        Exception exc = null;
        lc.d dVar = null;
        PublicKey publicKey = null;
        while (it.hasNext() && trustAnchor == null) {
            trustAnchor = (TrustAnchor) it.next();
            if (trustAnchor.getTrustedCert() != null) {
                if (x509CertSelector.match(trustAnchor.getTrustedCert())) {
                    publicKey = trustAnchor.getTrustedCert().getPublicKey();
                }
                trustAnchor = null;
            } else {
                if (trustAnchor.getCA() != null && trustAnchor.getCAName() != null && trustAnchor.getCAPublicKey() != null) {
                    if (dVar == null) {
                        dVar = lc.d.t(issuerX500Principal.getEncoded());
                    }
                    try {
                        if (dVar.equals(lc.d.t(trustAnchor.getCA().getEncoded()))) {
                            publicKey = trustAnchor.getCAPublicKey();
                        }
                    } catch (IllegalArgumentException unused) {
                    }
                }
                trustAnchor = null;
            }
            if (publicKey != null) {
                if (str == null) {
                    try {
                        x509Certificate.verify(publicKey);
                    } catch (Exception e10) {
                        exc = e10;
                        trustAnchor = null;
                        publicKey = null;
                    }
                } else {
                    x509Certificate.verify(publicKey, str);
                }
            }
        }
        if (trustAnchor != null || exc == null) {
            return trustAnchor;
        }
        throw new AnnotatedException("TrustAnchor found but certificate validation failed.", exc);
    }

    public static List<org.bouncycastle.jcajce.n> d(byte[] bArr, Map<org.bouncycastle.asn1.x509.b0, org.bouncycastle.jcajce.n> map) throws CertificateParsingException {
        if (bArr == null) {
            return Collections.EMPTY_LIST;
        }
        org.bouncycastle.asn1.x509.b0[] w10 = org.bouncycastle.asn1.x509.c0.t(org.bouncycastle.asn1.r.E(bArr).G()).w();
        ArrayList arrayList = new ArrayList();
        for (int i10 = 0; i10 != w10.length; i10++) {
            org.bouncycastle.jcajce.n nVar = map.get(w10[i10]);
            if (nVar != null) {
                arrayList.add(nVar);
            }
        }
        return arrayList;
    }

    public static List<org.bouncycastle.jcajce.l> e(org.bouncycastle.asn1.x509.k kVar, Map<org.bouncycastle.asn1.x509.b0, org.bouncycastle.jcajce.l> map) throws AnnotatedException {
        if (kVar == null) {
            return Collections.EMPTY_LIST;
        }
        try {
            org.bouncycastle.asn1.x509.v[] t10 = kVar.t();
            ArrayList arrayList = new ArrayList();
            for (org.bouncycastle.asn1.x509.v vVar : t10) {
                org.bouncycastle.asn1.x509.w wVar = vVar.f55186a;
                if (wVar != null && wVar.f55194b == 0) {
                    for (org.bouncycastle.asn1.x509.b0 b0Var : org.bouncycastle.asn1.x509.c0.t(wVar.f55193a).w()) {
                        org.bouncycastle.jcajce.l lVar = map.get(b0Var);
                        if (lVar != null) {
                            arrayList.add(lVar);
                        }
                    }
                }
            }
            return arrayList;
        } catch (Exception e10) {
            throw new AnnotatedException("Distribution points could not be read.", e10);
        }
    }

    public static org.bouncycastle.asn1.x509.b f(PublicKey publicKey) throws CertPathValidatorException {
        try {
            return c1.s(new org.bouncycastle.asn1.m(publicKey.getEncoded()).f()).f54928a;
        } catch (Exception e10) {
            throw new ExtCertPathValidatorException("Subject public key cannot be decoded.", e10);
        }
    }

    public static void g(org.bouncycastle.asn1.x509.v vVar, HashSet hashSet, X509CRLSelector x509CRLSelector) throws AnnotatedException {
        ArrayList arrayList = new ArrayList();
        org.bouncycastle.asn1.x509.c0 c0Var = vVar.f55188c;
        if (c0Var != null) {
            for (org.bouncycastle.asn1.x509.b0 b0Var : c0Var.w()) {
                if (b0Var.f54923b == 4) {
                    try {
                        arrayList.add(lc.d.t(b0Var.f54922a.d().q()));
                    } catch (IOException e10) {
                        throw new AnnotatedException("CRL issuer information from distribution point cannot be decoded.", e10);
                    }
                }
            }
        } else {
            if (vVar.f55186a == null) {
                throw new AnnotatedException("CRL issuer is omitted from distribution point but no distributionPoint field present.", null);
            }
            Iterator it = hashSet.iterator();
            while (it.hasNext()) {
                arrayList.add(it.next());
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                x509CRLSelector.addIssuerName(((lc.d) it2.next()).q());
            } catch (IOException e11) {
                throw new AnnotatedException("Cannot decode CRL issuer information.", e11);
            }
        }
    }

    public static void h(Date date, X509CRL x509crl, Object obj, g gVar) throws AnnotatedException {
        X509CRLEntry revokedCertificate;
        try {
            if (m0.c(x509crl)) {
                revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber());
                if (revokedCertificate == null) {
                    return;
                }
                X500Principal certificateIssuer = revokedCertificate.getCertificateIssuer();
                if (!g0.a(obj).equals(certificateIssuer == null ? g0.b(x509crl) : g0.e(certificateIssuer))) {
                    return;
                }
            } else if (!g0.a(obj).equals(g0.b(x509crl)) || (revokedCertificate = x509crl.getRevokedCertificate(((X509Certificate) obj).getSerialNumber())) == null) {
                return;
            }
            org.bouncycastle.asn1.i iVar = null;
            if (revokedCertificate.hasExtensions()) {
                if (revokedCertificate.hasUnsupportedCriticalExtension()) {
                    throw new AnnotatedException("CRL entry has unsupported critical extensions.", null);
                }
                try {
                    iVar = org.bouncycastle.asn1.i.F(k(revokedCertificate, org.bouncycastle.asn1.x509.y.f55232l.f54791a));
                } catch (Exception e10) {
                    throw new AnnotatedException("Reason code CRL entry extension could not be decoded.", e10);
                }
            }
            int H = iVar == null ? 0 : iVar.H();
            if (date.getTime() >= revokedCertificate.getRevocationDate().getTime() || H == 0 || H == 1 || H == 2 || H == 10) {
                gVar.f58114a = H;
                gVar.f58115b = revokedCertificate.getRevocationDate();
            }
        } catch (CRLException e11) {
            throw new AnnotatedException("Failed check for indirect CRL.", e11);
        }
    }

    public static HashSet i(org.bouncycastle.asn1.x509.v vVar, Object obj, org.bouncycastle.jcajce.q qVar) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            HashSet hashSet = new HashSet();
            hashSet.add(g0.a(obj));
            g(vVar, hashSet, x509CRLSelector);
            if (obj instanceof X509Certificate) {
                x509CRLSelector.setCertificateChecking((X509Certificate) obj);
            }
            m.b bVar = new m.b(x509CRLSelector);
            bVar.f57383b = true;
            org.bouncycastle.jcajce.m mVar = new org.bouncycastle.jcajce.m(bVar);
            qVar.b();
            Date b10 = qVar.b();
            b0 b0Var = f58101a;
            List<CertStore> a10 = qVar.a();
            b0Var.getClass();
            HashSet a11 = b0.a(mVar, b10, a10, qVar.f57962f);
            if (!a11.isEmpty()) {
                return a11;
            }
            if (obj instanceof org.bouncycastle.x509.m) {
                throw new AnnotatedException("No CRLs found for issuer \"" + ((org.bouncycastle.x509.m) obj).i().a()[0] + "\"", null);
            }
            throw new AnnotatedException("No CRLs found for issuer \"" + mc.e.V.d(g0.c((X509Certificate) obj)) + "\"", null);
        } catch (AnnotatedException e10) {
            throw new AnnotatedException("Could not get issuer information from distribution point.", e10);
        }
    }

    public static HashSet j(Date date, X509CRL x509crl, List list, List list2) throws AnnotatedException {
        X509CRLSelector x509CRLSelector = new X509CRLSelector();
        try {
            x509CRLSelector.addIssuerName(g0.b(x509crl).q());
            try {
                org.bouncycastle.asn1.u k10 = k(x509crl, f58104d);
                BigInteger G = k10 != null ? org.bouncycastle.asn1.n.E(k10).G() : null;
                try {
                    byte[] extensionValue = x509crl.getExtensionValue(f58102b);
                    x509CRLSelector.setMinCRLNumber(G != null ? G.add(BigInteger.valueOf(1L)) : null);
                    m.b bVar = new m.b(x509CRLSelector);
                    bVar.f57385d = org.bouncycastle.util.a.o(extensionValue);
                    bVar.f57386e = true;
                    bVar.f57384c = G;
                    org.bouncycastle.jcajce.m mVar = new org.bouncycastle.jcajce.m(bVar);
                    f58101a.getClass();
                    HashSet a10 = b0.a(mVar, date, list, list2);
                    HashSet hashSet = new HashSet();
                    Iterator it = a10.iterator();
                    while (it.hasNext()) {
                        X509CRL x509crl2 = (X509CRL) it.next();
                        Set<String> criticalExtensionOIDs = x509crl2.getCriticalExtensionOIDs();
                        if (criticalExtensionOIDs == null ? false : criticalExtensionOIDs.contains(h0.f58121f)) {
                            hashSet.add(x509crl2);
                        }
                    }
                    return hashSet;
                } catch (Exception e10) {
                    throw new AnnotatedException("Issuing distribution point extension value could not be read.", e10);
                }
            } catch (Exception e11) {
                throw new AnnotatedException("CRL number extension could not be extracted from CRL.", e11);
            }
        } catch (IOException e12) {
            throw new AnnotatedException("Cannot extract issuer from CRL.", e12);
        }
    }

    public static org.bouncycastle.asn1.u k(X509Extension x509Extension, String str) throws AnnotatedException {
        byte[] extensionValue = x509Extension.getExtensionValue(str);
        if (extensionValue == null) {
            return null;
        }
        try {
            return org.bouncycastle.asn1.u.y(org.bouncycastle.asn1.r.E(new org.bouncycastle.asn1.m(extensionValue).f()).G());
        } catch (Exception e10) {
            throw new AnnotatedException(android.support.v4.media.h.B("exception processing extension ", str), e10);
        }
    }

    public static PublicKey l(List list, int i10, md.c cVar) throws CertPathValidatorException {
        DSAPublicKey dSAPublicKey;
        PublicKey publicKey = ((Certificate) list.get(i10)).getPublicKey();
        if (!(publicKey instanceof DSAPublicKey)) {
            return publicKey;
        }
        DSAPublicKey dSAPublicKey2 = (DSAPublicKey) publicKey;
        if (dSAPublicKey2.getParams() != null) {
            return dSAPublicKey2;
        }
        do {
            i10++;
            if (i10 >= list.size()) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            PublicKey publicKey2 = ((X509Certificate) list.get(i10)).getPublicKey();
            if (!(publicKey2 instanceof DSAPublicKey)) {
                throw new CertPathValidatorException("DSA parameters cannot be inherited from previous certificate.");
            }
            dSAPublicKey = (DSAPublicKey) publicKey2;
        } while (dSAPublicKey.getParams() == null);
        DSAParams params = dSAPublicKey.getParams();
        try {
            return cVar.h("DSA").generatePublic(new DSAPublicKeySpec(dSAPublicKey2.getY(), params.getP(), params.getQ(), params.getG()));
        } catch (Exception e10) {
            throw new RuntimeException(e10.getMessage());
        }
    }

    public static final HashSet m(org.bouncycastle.asn1.v vVar) throws CertPathValidatorException {
        HashSet hashSet = new HashSet();
        if (vVar == null) {
            return hashSet;
        }
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        org.bouncycastle.asn1.t a10 = org.bouncycastle.asn1.t.a(byteArrayOutputStream);
        Enumeration H = vVar.H();
        while (H.hasMoreElements()) {
            try {
                a10.l((org.bouncycastle.asn1.f) H.nextElement());
                hashSet.add(new PolicyQualifierInfo(byteArrayOutputStream.toByteArray()));
                byteArrayOutputStream.reset();
            } catch (IOException e10) {
                throw new ExtCertPathValidatorException("Policy qualifier info cannot be decoded.", e10);
            }
        }
        return hashSet;
    }

    public static Date n(org.bouncycastle.jcajce.q qVar, CertPath certPath, int i10) throws AnnotatedException {
        if (qVar.f57966j == 1 && i10 > 0) {
            int i11 = i10 - 1;
            if (i11 == 0) {
                try {
                    byte[] extensionValue = ((X509Certificate) certPath.getCertificates().get(i11)).getExtensionValue(sb.a.f62389e.f54791a);
                    org.bouncycastle.asn1.k H = extensionValue != null ? org.bouncycastle.asn1.k.H(org.bouncycastle.asn1.u.y(extensionValue)) : null;
                    if (H != null) {
                        try {
                            return H.G();
                        } catch (ParseException e10) {
                            throw new AnnotatedException("Date from date of cert gen extension could not be parsed.", e10);
                        }
                    }
                } catch (IOException unused) {
                    throw new AnnotatedException("Date of cert gen extension could not be read.", null);
                } catch (IllegalArgumentException unused2) {
                    throw new AnnotatedException("Date of cert gen extension could not be read.", null);
                }
            }
            return ((X509Certificate) certPath.getCertificates().get(i11)).getNotBefore();
        }
        return qVar.b();
    }

    public static boolean o(X509Certificate x509Certificate) {
        return x509Certificate.getSubjectDN().equals(x509Certificate.getIssuerDN());
    }

    public static f0 p(f0 f0Var, List[] listArr, f0 f0Var2) {
        f0 f0Var3 = (f0) f0Var2.getParent();
        if (f0Var == null) {
            return null;
        }
        if (f0Var3 != null) {
            f0Var3.f58105a.remove(f0Var2);
            q(listArr, f0Var2);
            return f0Var;
        }
        for (int i10 = 0; i10 < listArr.length; i10++) {
            listArr[i10] = new ArrayList();
        }
        return null;
    }

    public static void q(List[] listArr, f0 f0Var) {
        listArr[f0Var.getDepth()].remove(f0Var);
        if (!f0Var.f58105a.isEmpty()) {
            Iterator children = f0Var.getChildren();
            while (children.hasNext()) {
                q(listArr, (f0) children.next());
            }
        }
    }
}
